Network Guys

Share your knowledge!

Configuring a fallback for default-route on a Cisco router

This was a wish from one of my customers, and I invested a lot of time connecting the site-to-site VPN on both WAN uplinks with EIGRP metrics and so on… but there is another, simpler way to configure an automatic default-route fallback, which solves all our problems in case the primary WAN link fails:

We will configure a task that pings a self-defined target (for example the central-office router) every three seconds:

ip sla 10
 icmp-echo 99.22.11.44
 timeout 1000
 threshold 2
 frequency 3

ip sla schedule 10 life forever start-time now

Now we define that the target needs to be reachable:

track 10 rtr 10 reachability

Edit: on version 15.x use this:

track 10 ip sla 10 reachability

The primary WAN uplink / default route is only used while the target is reachable; the router only uses our secondary WAN link (in this example a dialer interface) when the ICMP echo fails. So we also add a default route out of the dialer interface with a higher administrative distance:

ip route 0.0.0.0 0.0.0.0 88.77.66.55 track 10
ip route 0.0.0.0 0.0.0.0 Dialer1 200

To be on the safe side, we will also configure NAT overload for both interfaces:

ip access-list extended tonat_wan1
 deny   ip any 10.0.0.0 0.255.255.255
 deny   ip any 172.16.0.0 0.15.255.255
 deny   ip any 192.168.0.0 0.0.255.255
 permit ip 192.168.23.0 0.0.0.255 any

ip access-list extended tonat_wan2
 deny   ip any 10.0.0.0 0.255.255.255
 deny   ip any 172.16.0.0 0.15.255.255
 deny   ip any 192.168.0.0 0.0.255.255
 permit ip 192.168.23.0 0.0.0.255 any

ip nat inside source list tonat_wan1 interface FastEthernet0 overload

ip nat inside source list tonat_wan2 interface Dialer1 overload

You can also bind your VPN crypto map to both WAN uplinks so that you have a VPN fallback as well. Keep in mind to configure “ip tcp adjust-mss 1452” on your internal LAN interface, otherwise you can’t reach web servers on the internet.
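The fallback only works if the numbers and names line up across commands: the track object must point at the scheduled IP SLA operation, the tracked route at that track object, and each NAT statement at an ACL that exists. As an added example (not from the original post), this Python check flags such dangling references in a config excerpt; the sample config is constructed with documentation addresses, and the check assumes named extended ACLs only.

```python
import re

def audit(config: str) -> list[str]:
    """Return findings for dangling references in an IOS failover config."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    sla_defined = {m.group(1) for l in lines if (m := re.fullmatch(r"ip sla (\d+)", l))}
    sla_scheduled = {m.group(1) for l in lines
                     if (m := re.match(r"ip sla schedule (\d+)\b", l))}
    # Both syntaxes from the post: "track N rtr M" (older) and "track N ip sla M" (15.x)
    tracks = {m.group(1): m.group(2) for l in lines
              if (m := re.match(r"track (\d+) (?:rtr|ip sla) (\d+) reachability", l))}
    # Assumption: only named extended ACLs are used for NAT
    acls = {m.group(1) for l in lines
            if (m := re.match(r"ip access-list extended (\S+)", l))}
    findings = []
    for track, sla in tracks.items():
        if sla not in sla_defined:
            findings.append(f"track {track} references undefined ip sla {sla}")
        elif sla not in sla_scheduled:
            findings.append(f"ip sla {sla} is never scheduled")
    default_routes = [l for l in lines if l.startswith("ip route 0.0.0.0 0.0.0.0 ")]
    for route in default_routes:
        if (m := re.search(r" track (\d+)", route)) and m.group(1) not in tracks:
            findings.append(f"default route uses undefined track {m.group(1)}")
    if default_routes and all(" track " in r for r in default_routes):
        findings.append("no untracked floating default route as backup")
    for l in lines:
        if (m := re.match(r"ip nat inside source list (\S+) ", l)) and m.group(1) not in acls:
            findings.append(f"NAT references undefined access-list {m.group(1)}")
    return findings

# Constructed sample (RFC 5737 addresses): track and NAT point at undefined objects.
BAD = """
ip sla 10
 icmp-echo 192.0.2.1
 frequency 3
ip sla schedule 10 life forever start-time now
track 10 rtr 1 reachability
ip route 0.0.0.0 0.0.0.0 198.51.100.1 track 10
ip route 0.0.0.0 0.0.0.0 Dialer1 200
ip access-list extended tonat_wan1
 permit ip 192.168.23.0 0.0.0.255 any
ip nat inside source list tonat_primary_wan interface FastEthernet0 overload
"""
# Same config with both references corrected.
GOOD = BAD.replace("rtr 1 ", "ip sla 10 ").replace("tonat_primary_wan", "tonat_wan1")

if __name__ == "__main__":
    print(audit(BAD), audit(GOOD))
```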
